Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sun-barr!lll-winken!amazon.llnl.gov!oberman
From: oberman@amazon.llnl.gov
Newsgroups: comp.org.eff.talk
Subject: Re: Let's get moving gang!!!
Message-ID: <1990Aug27.082030.1@amazon.llnl.gov>
Date: 27 Aug 90 15:20:30 GMT
References: <7686@helios.TAMU.EDU> <737@primerd.PRIME.COM> <1990Aug27.013401.16422@svc.portal.com> <38374@shemp.CS.UCLA.EDU>
Sender: usenet@lll-winken.LLNL.GOV
Lines: 35

In article <38374@shemp.CS.UCLA.EDU>, sprouse@oahu.cs.ucla.edu (Steven Sprouse) writes:
>
> One drawback to digital signatures (at least as I understand them)
> is the fact that they rely on the fact that the signer wants his signature
> to be a secret. What happens if I digitally sign a contract and then
> want out? What keeps me from leaking my secret codes (signature) to the
> world and then claiming that my signature was forged?

You misunderstand the function and operation of public key encryption. A
digital signature is not in any way secret. The signature provides two
functions. 1) Assures that the message is really from the purported author,
and 2) assures that the contents of the message have not been tampered with.

Any person who receives a "signed" message, even second or third hand, will be
able to confirm these things. They do this using the user's PUBLIC key. The
private key is never disclosed to anyone for any purpose.

Note that a digital signature does not imply that the message itself is
encrypted. Since the message is encrypted using the recipient's public key and
the signature using the sender's private key. The recipient then uses his
private key to decrypt the message (if encrypted) and the sender's public key to
confirm the signature.

And public keys are just that, public. Ideally they should be available by
X.500 or some similar mechanism. You need to have access to the public key of
any person you communicate with and it should not be confidential or controlled
in any way. Better to shout it from the rooftops as that is the best assurance
that the system works.

R. Kevin Oberman
Lawrence Livermore National Laboratory
Internet: oberman@icdc.llnl.gov
(415) 422-6955

Disclaimer: Don't take this too seriously. I just like to improve my typing
and probably don't really know anything useful about anything.
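
The flow described in the post above, as an added example that is not part of the original post: the sender signs with a private key, anyone verifies with the sender's public key, and encryption to the recipient's public key is a separate, optional step. It assumes textbook RSA without padding and toy keys built from Mersenne primes (trivially factorable, for illustration only); all function and variable names are hypothetical.

```python
import hashlib

def make_keypair(p, q, e=65537):
    """Textbook RSA key pair from two primes: returns (public, private)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return (n, e), (n, pow(e, -1, phi))

# Constructed toy keys: Mersenne primes are public knowledge, so these are NOT secure.
SENDER_PUB, SENDER_PRIV = make_keypair(2**521 - 1, 2**607 - 1)
RECIP_PUB, RECIP_PRIV = make_keypair(2**1279 - 1, 2**2203 - 1)

def digest_int(message):
    """SHA-256 of the message as an integer (smaller than either modulus)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message, private):
    """Signature = hash raised to the signer's PRIVATE exponent."""
    n, d = private
    return pow(digest_int(message), d, n)

def verify(message, signature, public):
    """Anyone can check a signature with only the signer's PUBLIC key."""
    n, e = public
    return pow(signature, e, n) == digest_int(message)

def encrypt(message, public):
    """Optional confidentiality: encrypt to the RECIPIENT's public key."""
    n, e = public
    m = int.from_bytes(message, "big")
    if m >= n:
        raise ValueError("message too long for this toy modulus")
    return pow(m, e, n)

def decrypt(ciphertext, private):
    n, d = private
    m = pow(ciphertext, d, n)
    return m.to_bytes((m.bit_length() + 7) // 8, "big")

def demo():
    msg = b"I agree to the contract."            # constructed sample message
    sig = sign(msg, SENDER_PRIV)                 # message itself stays in the clear
    ok = verify(msg, sig, SENDER_PUB)            # any second- or third-hand reader
    tampered = verify(b"I agree to the contract!", sig, SENDER_PUB)
    wrong_key = verify(msg, sig, RECIP_PUB)      # not the purported author's key
    recovered = decrypt(encrypt(msg, RECIP_PUB), RECIP_PRIV)
    return ok, tampered, wrong_key, recovered == msg and verify(recovered, sig, SENDER_PUB)

if __name__ == "__main__":
    print(demo())
```

Real systems use a vetted library with a padded signature scheme such as RSA-PSS rather than raw modular exponentiation.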